Creating a European entity Management Architecture for eGovernment Id GUIDE Keiron Salt


1 Creating a European entity Management Architecture for eGovernment Id www.guide-project.org GUIDE Keiron Salt keiron.salt@bt.com

2 What is GUIDE? GUIDE (Government User Identity for Europe) is a European Union funded research project conducting research and technological development with the aim of creating a technological, institutional, policy and socio-economic architecture for secure and interoperable e-government electronic identity services and transactions for Europe.

3 Road of GUIDE and EU
- 2004: Lisbon Agenda
- 2006: Manchester ‘2010 Declaration’
- Encourage Free Movement of Citizens, Capital and Services across the EU to encourage the Internal Market
- Pan-European Identity Interoperability

4 GUIDE Architecture Summary
Objective:
- Creating an open architecture for Pan-European e-government electronic identity interoperability
- To enable Member States to agree on the identity of an entity (for example a citizen or a business)
- In order to enable eGovernment sectoral applications to conduct cross-border transactions with respect to that entity
The GUIDE architecture aligns with, leverages, and exploits both of:
- The IDABC European Interoperability Framework (EIF) architecture
- Emerging International Standards for Federated Identity Management

5 The Motivation ‘View’ - What are the Business Problems we’re trying to solve? - Getting the Scope right.
Is About:
- Identity data interoperability
- Authentication
- Cross border services
- Standards adoption
- Standards specification
Is Not About:
- Storing Identity data within GUIDE
- Application data interoperability
- Authorisation
- Internal MS services
- Re-inventing
- Implementation
Guide delivers identity interoperability across the Member States of the EU. Guide is not an end in itself, but a key enabler for Application interoperability to enable the Lisbon Initiatives which deliver the real benefits. Guide aims to enable uninhibited movement and seamless government engagement for citizens & businesses across the EU.

6 Guide positioning with other EU Initiatives
- IDABC – Generic middleware, Network
- Guide – Identity Interoperability
- eID – Smart card standards, & Issue
- Prime – Privacy Enhancement
- PKI – Certificate Management
Diagram labels: SchengenEBReTEN20 eGOV Apps; Applications; Front-End Enrolment, etc; Back-End Interoperability; IDABC Architecture alignment

7 Guide & EIF / IDABC Synergy IDABC PEGS Architecture – CGEY

8 GUIDE Topology MS1 Cross Domain MS3 Cross Domain MS2 Provider Hub MS4 Provider Hub MS5 Provider Hub Application Service Provider Sub-national Identity Provider Hub National Identity Provider Hub EU Identity Federation National Identity Federation EU Identity Provider Hub Identity Provider Hub

9 Subsidiarity v Standardisation
- FIM Standard Models expect all actors to fall under the same model
- GUIDE acknowledges that MS can utilise different FIM models
- Guide FIM Gateways must act as Proxies for the Real actors
Diagram labels: UNIFORM FIM MODEL (Identity Provider, Service Consumer, Service Provider); Guide GW, Guide GW, Guide GW; Identity Provider LIBERTY; Service Consumer SHIBBOLETH; Service Provider WS-FEDERATION; Uniform FIM

10 Pan EU Citizen Authentication Scenarios
- Scenario 1: Citizen present, and logging on to foreign system as a user (SSO)
- Scenario 2: Citizen present, but user is a foreign Civil Servant
- Scenario 3: Citizen not present, administrative trigger – e.g. receipt of E101 form
Diagram labels: Member State 1 and Member State 2 (each with Applications, Identity Providers, Access Channels); Citizen from Member State 1; Civil Servant; GUIDE gateway; SAML & Liberty Alliance Profiles

11 GUIDE Software Agent - Logical Component Architecture GUIDE Request Handler GUIDE SAML Profile Interface Transformation Services GUIDE Interaction Service GUIDE Discovery Service GUIDE Liberty Profile Interface Transformation Services GUIDE Software Agent Member State Interface GUIDE SAML Interface GUIDE Liberty Interface

12 Main GUIDE Core Services Logical Process Flow Identification Authentication Assertions Attribute Provision Interaction Discovery Identity Requests Transformation Services Infrastructure Services Trust Services Security, Assurance, Privacy Redirection Consent Usage Directives Update Lookup

13 Service Profiles & Protocol Bindings Guide Abstract Service Model http IDABC eLink Binding? Liberty ID-WSF V2.0 Authentication Mechanism, Authentication Realm, Authentication Context Guide Profile of Liberty Specs Guide Mechanisms Guide Realms Guide Assurance Levels SAML v2.0 Shibboleth WS-Federation SOAP

14 Guide Liberty Profile for Discovery
http://example.gov/g048HqeR4tsB
urn:liberty:id-sis-pp:2003-08
urn:liberty:id-sis-pp:home
urn:liberty:id-sis-pp:informalName
urn:GUIDE:Realm:SocialSecurity
urn:GUIDE:Assurance:2
not used
Callouts: Naming standards; Profiling

15 Guide SAML Profile for Identification
<AttributeQuery
    ID="AjCUk2lleGVzft1456kRp51oFvJ5k"
    Version="2.0"
    IssueInstant="2005-08-11T17:42:04Z"
    Destination="http://www.IP1.eu"
    xmlns="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    xmlns:xs="http://www.w3.org/2001/XMLSchema"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:schemaLocation="urn:oasis:names:tc:SAML:2.0:protocol http://docs.oasis-open.org/security/saml/v2.0/saml-schema-protocol-2.0.xsd urn:oasis:names:tc:SAML:2.0:assertion http://docs.oasis-open.org/security/saml/v2.0/saml-schema-assertion-2.0.xsd">
http://www.myPEGS.eu John Doe 14.07.1971
<!-- omitted: methods for specifying desired attribute formats this should be provided by D1.2.7 -->
Chinese GB
<!--... digital signature -->
Callouts: Naming standards; Profiling
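
Added example (not part of the original slides and not GUIDE project code): receiver-side envelope checks that a gateway could run on an AttributeQuery like the one on slide 15 before acting on it. The function name, the sample's Issuer/Subject/NameID layout and NameID value, the trusted-issuer set and the five-minute window are assumptions.

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timedelta, timezone

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}

# Constructed sample: envelope attributes and issuer taken from slide 15; the
# Issuer/Subject/NameID element layout and the NameID value are assumptions.
SAMPLE = """<AttributeQuery xmlns="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    ID="AjCUk2lleGVzft1456kRp51oFvJ5k" Version="2.0"
    IssueInstant="2005-08-11T17:42:04Z" Destination="http://www.IP1.eu">
  <saml:Issuer>http://www.myPEGS.eu</saml:Issuer>
  <saml:Subject><saml:NameID>constructed-subject-id</saml:NameID></saml:Subject>
</AttributeQuery>"""

def check_attribute_query(xml_text, expected_destination, trusted_issuers,
                          now, max_skew=timedelta(minutes=5)):
    """Return a list of problems; an empty list means the envelope checks passed."""
    if "<!DOCTYPE" in xml_text or "<!ENTITY" in xml_text:
        return ["DTD or entity declaration present"]  # refuse before parsing
    try:
        root = ET.fromstring(xml_text)
    except ET.ParseError:
        return ["not well-formed XML"]
    if root.tag != "{%s}AttributeQuery" % NS["samlp"]:
        return ["root element is not samlp:AttributeQuery"]
    problems = []
    if root.get("Version") != "2.0" or not root.get("ID"):
        problems.append("Version is not 2.0 or ID missing")
    if root.get("Destination") != expected_destination:
        problems.append("Destination does not match this endpoint")
    try:  # accepts whole-second UTC timestamps only, as on the slide
        issued = datetime.strptime(root.get("IssueInstant", ""),
                                   "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
        if abs(now - issued) > max_skew:
            problems.append("IssueInstant outside the accepted time window")
    except ValueError:
        problems.append("IssueInstant missing or malformed")
    issuer = (root.findtext("saml:Issuer", default="", namespaces=NS) or "").strip()
    if issuer not in trusted_issuers:
        problems.append("Issuer is not a trusted federation member")
    if root.find("saml:Subject/saml:NameID", NS) is None:
        problems.append("Subject/NameID missing")
    # Presence check only: the signature itself must be verified by an XML-DSig library.
    if root.find("ds:Signature", NS) is None:
        problems.append("ds:Signature missing")
    return problems
```

Run against SAMPLE with a clock one minute after the IssueInstant, the only finding is the missing signature, which is the element the slide elides as a comment.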

16 Guide & EIF / IDABC Synergy IDABC PEGS Architecture – CGEY

17 Guide Trust Model Trust Model Security Model Assurance Model Governance Policy Accreditation Liability Technical Domain Policy Domain Privacy Model

